Advice and Opinion

Data generated from smart buildings must be POPIA compliant

Covid-19 has undoubtedly changed the way buildings are being designed, constructed, and managed.

Architects and property owners are turning to technology to deliver an enhanced user experience as occupants increasingly demand buildings that are not only intelligent and more energy-efficient but also hygienically safe, especially in high-traffic commercial environments such as hotels, shopping centres, airports, and hospitals.

Morag Evans, CEO of Databuild, says the creation of smart buildings can yield considerable value when it comes to monitoring occupancy rates and supporting a safe and healthy environment, but it must be remembered that digitally engineered buildings generate a substantially large quantity of data.

And while the collection of data can be extremely useful in gaining insights that help improve the overall safety and wellbeing of building occupants, gathering information on behavioural patterns includes personal data and this must be processed in a manner that does not infringe on building occupants’ rights,” she cautions.

According to the Act, everyone has a right to privacy and protection against the unlawful collection, retention, dissemination and use of personal information. Failure to comply with the legislation can lead to hefty fines of up to R10 million and/or imprisonment of up to twelve months.

The management and protection of personal data is therefore a key consideration for smart building owners and landlords,” says Evans.

Minimise data collection

One of the best ways to mitigate the risk of non-compliance with POPIA regulations is to minimise the volume of data that is collected,” she advises.

Only collect what is necessary for immediate usage. For example, temperature and lighting sensors can be used to change settings when persons enter and leave a room. Storing users’ individual preferences significantly increases the volume of data being collected as the system is required to ‘remember’ these preferences. Sensors that function on standard settings, however, are far less data dependent.”

Ensure data security

The POPI Act also requires that adequate control measures be put in place to safeguard all the data being collected.

Building owners and landlords are not only required to ensure that the data is secure from a technical perspective, but also that in the event of a data breach, the fallout can be dealt with effectively and speedily”.

The larger the amount of data collected, the harder this is to do,” Evans points out.

Design with POPIA in mind

Covid-19 has redefined the way people relate to the buildings in which they work, live and meet, and technology – and the data it generates – is playing a pivotal role in the development of safe and efficient spaces”.

It is therefore imperative that these smart infrastructures are designed and built with data and personal information protection measures in mind to ensure that this data does not fall into the wrong hands,” she concludes.

Article originally published on Databuild